-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1)n Responsive to communication(s) filed on 10/12/07.
2a)S This action is FINAL. 2b)D This action is non-final.

3) \3 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) ^ Claim(s) 1,6-10 and 14 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) ^ Claim(s) 1,6-10 and 14 is/are rejected. 
7)□ Claim(s) is/are objected to.

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) K The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)n All b)n Some * c)^ None of:

1.□ Certified copies of the priority documents have been received.

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
3) S Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application

DETAILED ACTION
Response to Amendment 

1. In the reply filed on 10/21/2007, the following has occurred:

• Claims 2-5 and 11-13 are cancelled. The previous rejection under 35 USC 112 
regarding claims 5, 6, 13, 14 has been withdrawn. 

Specification 

2. The disclosure is objected to because of the following informalities: the phrase "a
second node of the second network" (Paragraph 8) is inconsistent. Applicant defines
that a first network having a first node and a second node, and a second network having
a third node and a fourth node in the abstract. Correction is required. See MPEP § 608.01(b).

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention.

4. Claims 1, 6-10, and 14 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claims 1 and 10 recite "the first TCP/IP port and the second TCP/IP port remain 
constant and cannot be changed and only if the third node is allowed to by the first 
node, which prevents an intruder who compromises the second network from gaining 
access to the first network except for the first TCP/IP port." which is unclear whether the 
third node is monitored and examined to communicate to the first node in the same 
network. For examining purpose, the limitation has been construed as "the first TCP/IP
port and the second TCP/IP port remain constant and cannot be changed and only if the 
second node is allowed to by the first node, which prevents an intruder who 
compromises the second network from gaining access to the first network except for the 
first TCP/IP port" as in the specification page 7 line 13 since the amended claims have 
changed node numbering. 

Claim 8 recites "the client server encrypts data from the third node on the 
connection and the primary server decrypts data for the first node". For examining 
purpose, the limitation has been construed as "the client server encrypts data from the 
second node on the connection and the primary server decrypts data for the first node" 
since the rest of the claims have renumbered the nodes. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 6, 7, 10, and 14 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Richmond et al. (US PG PUB 20030152067) in view of Jacobson et 
al. (US Patent 6044402). 

Regarding claims 1 and 10, Richmond teaches in Fig. 1B, Abstract, and
Paragraph 5 Entry port module 146 of network entry device (a first network having a first
node predefined by an administrator) is connected to user device 150 by the Internet
148 (a second network which includes at least a part of an Internet having a second 
node having a second port separate and apart from the first network) and shared 
transmission medium 152. Network devices may be and/or include any of a variety of 
types of devices, including, among other things, switching devices, workstations, 
personal computers, terminals, laptop computers, end stations, servers, gateways, 
registers, directories, databases, printers, fax machines, telephones, transmitters, 
receivers, repeaters (the third node is only able to communicate with the first node). 
Richmond teaches in paragraph [0018] an entry port module may be coupled to a user 
device by a shared transmission medium or a dedicated transmission medium. A 
"shared transmission medium" is a transmission medium connected to a port module of 
a first device and over which multiple other devices may exchange packets with the first 
device. For example, a gateway server for an enterprise network may have a port 
module connected to the Internet by a T-3 cable (the second node only communicating 
with the first port of the first node through the communication which does not connect 
the first network with the second network). Richmond further teaches in paragraphs 
[0120] and [0130] service abstractions may be distributed to one or more network 
devices. Service abstractions may be assigned to one or more users of the network, 
and may be used to configure a port module of a network device. It is desirable to allow 
a network manager the ability to define services to be provided for users using service 
abstractions, where each service abstraction has a meaning to an administrator within 
the context of a communications network, i.e., specifies a service to be provided to 
users (only if the second node is allowed to by the first node). However, Richmond does
not expressly teach TCP/IP port extension using gateway methodology, the first TCP/IP 
port and the second TCP/IP port remain constant and cannot be changed, prevents an 
intruder who compromises the second network from gaining access to the first network. 
However, statement of intended use or field of use such as "an intruder who 
compromises the second network from gaining access to the first network" does not
differentiate the claimed apparatus from a prior art apparatus satisfying the claimed
structural limitations (Ex parte Masham 2 USPQ2d 1647 1987). Jacobson teaches in
Fig. 1, 6, and 7 TCP ports being configured and NCB (network connection blocker) is
connected to the protected host computers and the local gateway. It would have been
obvious to one of ordinary skill in the art at the time the invention was made to have
TCP/IP port extension using gateway methodology, the first TCP/IP port and the second
TCP/IP port remain constant and cannot be changed, prevents an intruder who
compromises the second network from gaining access to the first network in order to
provide network security to such a subnet by passively monitoring connections
between the subnet and the rest of the network and actively blocking those of the 
connections that are unwanted (Col. 1 Lines 10-16 Jacobson). 

Regarding claim 7, Richmond and Jacobson teach the limitations for claim 1. 
Richmond teaches in Fig. 4 first network having the first node having the first port and a 
primary server, the second node having the second port and a client server in 
communication with each other. 

Regarding claims 6 and 14, Richmond and Jacobson teach the limitations for
claims 1 and 10. Jacobson teaches in Col. 1 Line 66 - Col.2 Line 6 a network 
connection blocker for monitoring connections between host computers in a network 
and blocking the unwanted connections. 

7. Claims 8 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Richmond et al. (US PG PUB 20030152067) modified by Jacobson et al. (US Patent 
6044402) and further in view of Border et al. (US PG PUB 20030147403). 

Regarding claim 8, Richmond and Jacobson teach the limitations for claims 1 
and 10. However, Richmond and Jacobson do not expressly teach the client server 
encrypts data from the second node on the connection and the primary server decrypts 
data for the first node. Border teaches in Paragraph 144 the client application within the 
host 301 generates traffic over the local network 303 to the terminal 305, which 
compresses and encrypts the traffic based on the PEP and VPN functions. This 
encrypted traffic is transported across the access network 307 to the Internet 311 via
the gateway 309. At this point, the VPN server 315 decrypts the traffic from the host 301
and forwards the packets to the PEP gateway 317, which communicates with the
intranet 319 on which the destination server 321 resides. It would have been obvious to
one having ordinary skill in the art at the time the invention was made for the third node
to have the client server encrypts data from the second node on the connection and the
primary server decrypts data for the first node in order to establish the secure tunnel
that traverses the network (Abstract in Border). 

Regarding claim 9, Richmond, Jacobson and Border teach the limitations for 
claim 8. Jacobson teaches in Col. 1 Line 66 - Col.2 Line 6 a network connection blocker 
for monitoring connections between host computers in a network and blocking the 
unwanted connections. 



Response to Arguments 

8. In the remarks filed 10/21/2007, Applicant argues in substance that the prior art 
fails to teach certain features of the claims as now amended. Applicant's arguments with 
respect to claims 1, 6-10, and 14 have been considered but are moot in view of the new 
ground(s) of rejection. 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Ocepek et al. (US Patent 7124197) teaches Fig. 1, 10-12 
gateway methodology implementing restricting and allowing client devices. 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action.

Application/Control Number: 10/694,651
Art Unit: 2619

11. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Eunsook Choi whose telephone number is 571-270-1822.
The examiner can normally be reached on Monday-Friday 8:00-5:00 EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Chau Nguyen can be reached on 571-272-3126. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



CHAU NGUYEN
SUPERVISORY PATENT EXAMINER



